Related Reads
Practical Social Engineering Tactics
October 13, 2016 | Views: 5932
Attackers know that hacking a WiFi key is just a temporary thing. Maybe they think, why not hack the entire connection instead? Well, here are some basic “tried and true” social engineering tactics that actually work, and you should be aware of. Don’t get taken advantage of by these simple actions.
1. The Cold Call: On hacking something, port scanning is done first to understand the target and system flow (services etc..). Short duration calls to your ISP can be made asking to change or reset your password.
A simple conversation might go like this:
“Hey, this is J**N here. How can I help you?”
“Hello, I just want to change my PPPoE password. I recently did a reset on my router, and I forgot the password. How can I change that?”
“Username please?”
“My username is ******”
“Is this your number? 7*******28??”
“Yes, this is mine.”
“and blah blah blah is your address??”
“Yes Yes…”
“You have to msg PASS followed by your username, and your reset password will be sent to your phone. You will soon find this format in your message box.”
“Fine, Thanks”
“Something else sir?”
“No”
“Have a good day.”
Conclusions:
- Only a username was requested. This can be easily acquired.
- If access to the phone connected to the account could be gained, an SMS to reset the password could easily be infiltrated.
- Just answering “yes” was insecure on the company’s side.
- The phone was the vulnerability here.
2. Getting more: Another call is placed to ISP support asking to change the phone number.
Sample conversation:
“I wanted to change my number.” (Obviously, calling from a different number)
The same conversation, on asking for username and it was provided.
He said that I had to verify my identity and asked, “May I know your old number, please?
I responded correctly.
He asked for my address. I told him.
He asked for my birth date. Again, correct information was provided to him.
“May I know your new number please?”
An alternate number was provided.
Once the confirmation message is sent to the new number, the attacker is now able to hack into someone else’s connection now. All that was needed was someone’s username and basic account information.
Conclusions:
- They verified with the information which was publicly available.
- What was needed to change the number?
- Old Phone number
- Address
3. Final Conclusions: It is not always necessary to be a programmer or an “elite” to hack into someone’s network or someone’s internet connection via hardcore hacking skills. You can do it non-technically too. I hope you all learned from this. Do let me know if you find some error or anything. Feel free to share what’s in your mind.
Share with Friends
Use Cybytes and
Tip the Author!
Tip the Author!
Join
Share with Friends
Ready to share your knowledge and expertise?
5 Comments
Support Cybrary
Donate Here to Get This Month's Donor Badge
The Personal Information which we have provide in social media makes us vulnerable to such kind of attacks. Less Awareness about Cyber crime and social tricks on how we get struck up in mess are the reasons.
The most disturbing thing about a Social Engineering attack is the fact that it is so easy to execute. One former hacker, Kevin Mitnick was a master of Social Engineering and reaped the benefits as a result. The human element always has been and always will be the Achilles Heel of any attempt to secure systems and devices. Disregard this fact at your peril.
scary, because it is so true…
its brief, i need more explanation
Hacking can happen without having to force info out of you. Some people willingly go handing out their info without any idea of what they just did. Which was giving out their info so they could just log in as easily as they could.